16 matches found

Snyk
added 2026/04/30 12:31 a.m. · 5 views

Arbitrary Command Injection

Overview: mcp-server-semgrep is an MCP Server for Semgrep Integration - static code analysis with AI. Affected versions of this package are vulnerable to Arbitrary Command Injection via the analyzeresults, filterresults, exportresults, compareresults, scandirectory, or createrule functions in the MC...

7.5 CVSS · 7.4 AI score · 0.01738 EPSS
Exploits 0 · References 2

EUVD
added 2025/12/09 6:30 p.m. · 5 views

EUVD-2025-201867

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...

6 AI score · 0.00026 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2025/12/09 4:9 a.m. · 4 views

CVE-2025-40335

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...

5.8 AI score · 0.00026 EPSS
Exploits 0 · References 3 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2009-1046

Malware in sbrugna...

5 CVSS · 6.1 AI score · 0.10904 EPSS
Exploits 1 · References 7

RedhatCVE
added 2025/09/13 1:18 a.m. · 4 views

CVE-2025-10236

A vulnerability has been found in binary-husky gptacademic up to 3.91. Impacted is the function mergetexfiles of the file crazyfunctions/latexfns/latextoolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input leads to path traversal. The attack may be launched...

5.3 CVSS · 6.7 AI score · 0.00218 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 1:15 a.m. · 10 views

CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

5.5 CVSS · 6.6 AI score · 0.00055 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-49788

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s drm/amdgpu subsystem related to the validation of userq input arguments. The issue can be addressed by validating the userq input arguments and...

7.1 CVSS · 5.5 AI score · 0.00112 EPSS
Exploits 1 · References 397

NVD
added 2022/09/16 8:15 p.m. · 10 views

CVE-2022-35939

TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the indices of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. We have...

9.8 CVSS · 0.00231 EPSS
Exploits 0 · References 3

Veracode
added 2022/08/03 5:14 a.m. · 35 views

Command Injection

s3-kilatstorage is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the input argument, allowing an attacker to inject a maliciously crafted OS command into the system...

9.8 CVSS · 9.2 AI score · 0.00377 EPSS
Exploits 1 · Affected Software 1

Github Security Blog
added 2021/11/10 7:33 p.m. · 52 views

Overflow/crash in `tf.tile` when tiling tensor is large

Impact: If `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow.

```python
import tensorflow as tf
import numpy as np
tf.keras.backend.tile(x=np.ones((1,1,1)), n=[100000000,100000000, 100000000])
```

The number of elements in the output...

5.5 CVSS · 2.2 AI score · 0.00049 EPSS
Exploits 1 · References 8 · Affected Software 3

OSV
added 2021/03/15 9:56 p.m. · 0 views

USN-4819-1 leptonlib vulnerabilities

It was discovered that Leptonica incorrectly handled path names. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-18196) It was discovered that Leptonica incorrectly handled certain input arguments. An attacker could...

9.8 CVSS · 6.8 AI score · 0.03118 EPSS
Exploits 1 · References 4

Positive Technologies
added 2019/05/15 12:0 a.m. · 2 views

PT-2019-2420 · Cisco · Cisco Nx-Os +1

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the...

7.2 CVSS · 6.5 AI score · 0.00107 EPSS
Exploits 0 · References 6

OSV
added 2009/03/23 4:30 p.m. · 2 views

DEBIAN-CVE-2009-1045

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an inplay action...

5 CVSS · 6.8 AI score · 0.10904 EPSS
Exploits 1 · References 1

Prion
added 2009/03/23 4:30 p.m. · 12 views

Deserialization of untrusted data

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an inplay action...

5 CVSS · 7 AI score · 0.10904 EPSS
Exploits 1 · References 6 · Affected Software 1

Cvelist
added 2009/03/23 4:0 p.m. · 26 views

CVE-2009-1045

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an inplay action...

6.4 AI score · 0.10904 EPSS
Exploits 1 · References 6

UbuntuCve
added 2008/08/01 2:41 p.m. · 37 views

CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...

7.5 CVSS · 7.4 AI score · 0.22141 EPSS
Exploits 2 · References 2